Vulnerabilities > Ovirt
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-25 | CVE-2024-0822 | Improper Authentication vulnerability in Ovirt Ovirt-Engine An authentication bypass vulnerability was found in overt-engine. | 7.5 |
| 2022-09-28 | CVE-2022-3193 | Cross-site Scripting vulnerability in Ovirt Ovirt-Engine 4.3.0 An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. | 6.1 |
| 2022-08-26 | CVE-2022-0207 | Race Condition vulnerability in multiple products A race condition was found in vdsm. | 4.7 |
| 2022-03-25 | CVE-2022-0435 | Out-of-bounds Write vulnerability in multiple products A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. | 8.8 |
| 2022-03-10 | CVE-2022-0847 | Improper Initialization vulnerability in multiple products A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. | 7.8 |
| 2020-12-21 | CVE-2020-35497 | Improper Access Control vulnerability in multiple products A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. | 6.5 |
| 2020-08-18 | CVE-2020-14333 | Cross-site Scripting vulnerability in Ovirt Ovirt-Engine A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. | 6.1 |
| 2020-03-19 | CVE-2019-19336 | Cross-site Scripting vulnerability in multiple products A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. | 4.3 |
| 2019-12-10 | CVE-2013-0293 | Improper Privilege Management vulnerability in Ovirt Node 2.6.01 oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation | 7.2 |
| 2019-12-02 | CVE-2012-4480 | Improper Privilege Management vulnerability in multiple products mom creates world-writable pid files in /var/run | 4.6 |